Linux - DistributionsThis forum is for Distribution specific questions.
Red Hat, Slackware, Debian, Novell, LFS, Mandriva, Ubuntu, Fedora - the list goes on and on...
Note: An (*) indicates there is no official participation from that distribution here at LQ.

Notices

Welcome to LinuxQuestions.org, a friendly and active Linux Community.

You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!

Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.

If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.

Having a problem logging in? Please visit this page to clear all LQ-related cookies.

Introduction to Linux - A Hands on Guide

This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.

What it gives:
1. Understanding what are dependencies in core system.
2. Examples of typical problems/choices while compiling original source packages.
3. In mailing list archives there are some guides to making Live CD's or install CD's.

I would not say "the only". But rather good and suitable. By the way, I can imagine situation where all that is really needed is to take rpm as core, and then build something like yum infrastructure around it, with simply other rules of preference for packages and other system defaults.

I plan to build a distro to fit the requirements of a specific system. I can't say much about it because I didn't use it personally. The only thing I know about it (so far) is that the system requires specific hardware and the information it handles must be extremely well protected.
In order to increase the security level of the system the company is sponsoring a project to build an OS specially for it.
This OS must:
- Be secure (including HD cryptography)
- Have a good user interface to be used (in a daily basis) by regular users without a wide knowledge about computers (I thought about KDE or Gnome).
- Be built in a manner that only the sponsor itself and those involved in the project know how to install and configure the distro (they think this might enhance the security of the system and the data it handles)
Our team counts on two developers (me and my bro) and the project is intended to be completed in two years. I am a Linux user (and fan) since the end of 2003 and my favorite distro is Slackware (in witch I start) and I know a couple of things about Ubuntu as well.
First, I need to know as much as I can about building a distro from the very beginning to evaluate the possibility of building a new distro from an existent one. That’s why I’ve started this new topic to collect hints and information.

This OS must:
- Be secure (including HD cryptography)
- Have a good user interface to be used (in a daily basis) by regular users without a wide knowledge about computers (I thought about KDE or Gnome).
- Be built in a manner that only the sponsor itself and those involved in the project know how to install and configure the distro (they think this might enhance the security of the system and the data it handles)

Couldnt all of this be done by hardening a current, notably sucure distro say such as slackware, or even a bsd. If only the sponser and you know who to install the distro it wont help security, it means that you'll be providing a vendor lock in of sorts. What happens when you leave for other work? or if the sponser changed hands and no longer has the knowledge to support your os. If you use a product that other people are using and is FOSS then other thousands of people around the world will be in-directly helping to security test your os/distro by letting it be attacked in real world curcumstances.

I really would suggest using what you know, say slackware and learning to harden it for your own needs

edit: hd encrpytion is realativly easy to set up on linux, security is at the heart of unix. Good ui, yeah they'll do but wouldnt you want to try something prettier, have a look at elive

- Be built in a manner that only the sponsor itself and those involved in the project know how to install and configure the distro (they think this might enhance the security of the system and the data it handles)

Do they mean that they want to audit and apply security patches themselves? Or do they simply mean that only the administrator has access to the update program. If there are several users, you might consider having many of the partitions mounted read-only on a central server. Then updates can be performed by a single person, once for all the hosts. The Linux Filesystem Hierarcy Standard http://www.tldp.org explains which directories can be shared and which can be static.
There are two other interpretations. The hosts are updated from a local repository, or updates are pushed onto the hosts from a local server.

Would OpenBSD not be an option? Not a Linux, but proven to be secure, and a bunch of developers actively working to keep things this way. Turning OpenBSD into what you need to do might be easier (and more secure) than doing it yourself. And this company could sponsor OpenBSD for doing the base work.

If it's not an option, I'd still suggest having a close look at OpenBSD and understanding the choices they have made.

Given the importance that security is in your case, I think that for a linux distro, you might consider Fedora Core, which by default uses an SELinux kernel. ( I use SuSE, so I'm not blowing my own distro's horn. ) Also, they have an excellent record in prompt security patch releases. While SuSE has an EAL 4+ rating, anything I've seen advertised much above that (EAL 7 for example) use SELinux and virtualization.http://www.linuxquestions.org/questi...ht=%3Dreiserfs

These levels rate how easy it is to achieve a secure system. Starting out with a proven design and putting the effort and money in securing it sounds like a better gameplan than rolling your own. As a matter of fact, newness and security are inversly proportional.

You might try searching the net for the terms "EAL-7 DO-178" for maximum security and reliablity options.